CWE-1057 - Data Access Operations Outside of Expected Data Manager Component
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2019-01-03
- Latest Modification Date:2024-02-29
Weakness Name
Data Access Operations Outside of Expected Data Manager Component
Description
The product uses a dedicated, central data manager component as required by design, but it contains code that performs data-access operations that do not use this data manager.
This issue can make the product perform more slowly than intended, since the intended central data manager may have been explicitly optimized for performance or other quality characteristics. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.
Common Consequences
Scope: Other
Impact: Reduce Performance
Related Weaknesses
Oracle Health breach compromises patient data at US hospitals
Oracle denies breach after hacker claims theft of 6 million data records
Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
PoisonSeed phishing campaign behind emails with wallet seed phrases
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
InformationalInformation Disclosure - Suspicious Comments
HighPII Disclosure
CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code
CWE-1318 Missing Support for Security Features in On-chip Fabrics or Buses
CWE-1072 Data Resource Access without Use of Connection Pooling
HighCWE-646 Reliance on File Name or Extension of Externally-Supplied File
CWE-550 Server-generated Error Message Containing Sensitive Information